genkit
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Genkit CLI tool from cli.genkit.dev. This is the official distribution channel for the Firebase Genkit project and is a trusted source.
- [REMOTE_CODE_EXECUTION]: The installation section includes a shell command that fetches and executes a script from cli.genkit.dev via bash. This is a standard setup procedure for the official developer tool.
- [PROMPT_INJECTION]: The skill examples demonstrate a vulnerability surface for indirect prompt injection common in AI framework documentation. Ingestion points: User input is ingested via the SummaryInputSchema in SKILL.md. Boundary markers: The examples lack explicit delimiters to isolate user content within the prompt template. Capability inventory: The skill uses ai.generate to process the interpolated prompt. Sanitization: No input sanitization or validation is shown in the provided code snippets.
Audit Metadata